Re: Exploiting Google MX servers as Open SMTP Relays

To: "Todd T. Fries" <todd@xxxxxxxxx>
Subject: Re: Exploiting Google MX servers as Open SMTP Relays
From: Lamont Granquist <lamont@xxxxxxxxxxxxxxxx>
Date: Sat, 10 May 2008 12:03:58 -0700 (PDT)
Cc: Michael Scheidell <scheidell@xxxxxxxxxx>, pablo.ximenes@xxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20080510181814.GB2782@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20080507203746.19860.qmail@xxxxxxxxxxxxxxxxx> <C44B2194.56C04%scheidell@xxxxxxxxxx> <20080510180442.GA2782@xxxxxxxxx> <20080510181814.GB2782@xxxxxxxxx>

I was getting backscatter SPAM from google and enabled SPF rules in my DNSdomain along with installing Vbounce in SpamAssassin and it has basicallyall stopped.

SPF specifically addresses the Google bounce issue, since Googleimplements SPF. When a spammer sends a message to google with a forgedFrom: header for my account, Google will lookup my domains SPF record andsee that the spammers mail sender is not a valid sender for my domain andwill not send a bounce.

There is some loss of flexibility in enabling SPF (you *must* now sende-mail outbound through those approved senders), and it abuses DNS TXTrecords, but it works great for me. I could care less if it isn't "the"solution for everyone on the internet -- but it made all my googlebackscatter spam go away and hasn't caused me any issues.

Vbounce is also useful since it catches all kinds of backscatter fromother virus scanners and spam scanners and sites that don't implement SPFchecking.


On Sat, 10 May 2008, Todd T. Fries wrote:

Oh and btw, unless you have another different issue you are reporting,
this well documented behavior has been reported before:

 http://rss.slashdot.org/~r/Slashdot/slashdot/~3/266688832/article.pl

*grumble*
--
Todd Fries .. todd@xxxxxxxxx

_____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \  1.700.227.9094 (IAXTEL)
|                                             \          250797 (FWD)
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

             37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                       http://todd.fries.net/pgp.txt

Penned by Todd T. Fries on 20080510 13:04.42, we have:
| Yes this is very frustrating.
|
| The details are not so hard to guess.  Unless this post is different,
| anyone can send an email to a nonexistent user at a google service and
| they accept it and bounce back to the envelope recipient. *sigh*.
|
| We are going back to the stone age by copying qmails default stupidity.
|
| This is doing very much harm.
|
| I would even go as far as to say that Google is making a business case for
| its latest purchase, postini, in a very evil way, every second this proble
| goes unsolved.
|
| *sigh*
| --
| Todd Fries .. todd@xxxxxxxxx
|
|  _____________________________________________
| |                                             \  1.636.410.0632 (voice)
| | Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| | http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| | "..in support of free software solutions."  \  1.700.227.9094 (IAXTEL)
| |                                             \          250797 (FWD)
|  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
|
|               37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
|                         http://todd.fries.net/pgp.txt
|
| Penned by Michael Scheidell on 20080510  9:55.32, we have:
| |
| |
| | > From: <pablo.ximenes@xxxxxxx>
| | > Date: 7 May 2008 20:37:46 -0000
| | > To: <bugtraq@xxxxxxxxxxxxxxxxx>
| | > Subject: Exploiting Google MX servers as Open SMTP Relays
| | >
| | >
| | > Vulnerability Report:
| | >
| | > As part of our recent work on the trust hierarchy that exists among email
| | > providers throughout the Internet, we have uncovered a serious security 
flaw
| | > in Ggoogle's free email service, Gmail.
| | >
| | > Disclosure:
| | > We have contacted Google about this issue and are waiting for their 
position
| | > before releasing further details.
| | >
| |
| | Don't hold our breath.. I have tried to get them to close this very hole for
| | maybe a year now.
| |
| | (see/'google' for posts in bugtraq and spamassassin users group showing
| | headers from unrelated domains sending spam through google mail servers..
| | They ignore the emails to abuse@xxxxxxxxxx)
| |
| |
| | --
| | Michael Scheidell, CTO
| | >|SECNAP Network Security
| | Winner 2008 Network Products Guide Hot Companies
| | FreeBSD SpamAssassin Ports maintainer
| |
| | _________________________________________________________________________
| | This email has been scanned and certified safe by SpammerTrap(r).
| | For Information please see http://www.spammertrap.com
| | _________________________________________________________________________

References:
- Exploiting Google MX servers as Open SMTP Relays
  - From: pablo . ximenes
- Re: Exploiting Google MX servers as Open SMTP Relays
  - From: Michael Scheidell
- Re: Exploiting Google MX servers as Open SMTP Relays
  - From: Todd T. Fries
- Re: Exploiting Google MX servers as Open SMTP Relays
  - From: Todd T. Fries

Prev by Date: Re: Re: Exploiting Google MX servers as Open SMTP Relays
Next by Date: [security bulletin] HPSBUX02334 SSRT071403 rev.1 - HP-UX Running ftp, Remote Denial of Service (DoS)
Previous by thread: Re: Exploiting Google MX servers as Open SMTP Relays
Next by thread: Re: Exploiting Google MX servers as Open SMTP Relays
Index(es):
- Date
- Thread